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Abstract of JP 1 1 1 74955 (A) 

PROBLEM TO BE SOLVED: To guarantee safety, to 
efficiently solve a discrete logarithmic problem, and 
to make the processing quantity the same as before. 
SOLUTION: For add primes numbers (p) and (q), 
n=p<2> q and (g) are made open and (g) is 
selected out of (Z/nZ)* so that gp =g<r-1> mod 
p<2> has a location number (p) in (Z/p<2> 
Z)*; and m+rn is found (1 1 0) from a plaintext (m) 
and a random number (r) and C=g<m+rn> mod 
n is counted by using (n) and (g) to output a 
ciphertext (120). Then Cmodp<2> is found for 
C, (Cp -1)/p=L(Cp ) is found, and a secret key L(gp ) 
<-1> mod p is multiplied by L(Cp ) to obtain a 
plaintext (m) (200). 
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^mux i &rmmmb lizmmgrnizis 
v *xm 2 mm* immxmm % i x mxz 
r\immm t zmm i mm mmm. 
[IMH2] p, vzm-t'vmoGmLb-tz 
t , _tj Em i $mm* n = P 2 q r$> o , mm 2 
msii. nimti-mm&mM (z/nz) * ^ 

fr^, gp =g?- 1 mod p 2 (Z/p 2 Z) * CDcfrC 
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m^m $ Ktzit c p \,zm& mm. tm mmm * 
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iac p jo<g p , c p < p 2 crmwizfo&mix\ s 

p =c p =1 (mod 1). g p *1 (mod P" 2 )^ii 

u ( (g P - d/p)- 1 mod P ^±ia®2K^at 
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±15 S S A 7^3" U X A#S(± , 
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±15 a (Cp ) ±mmmmx^bx, mmmz 



(3) 



WM^ 11-17 4 9 5 5 
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tu%m%mmzmmt& z t tmm t^. 
[0003]-^, ^mmmmi. m^mtm^mtm 

z t mmmmumi. wmeowm 
nm%hm\^x\ m^M?)WMfj^mxfoz>» t 
tz, m%mmte&ft<?)mmtEvzw®fc<mtm 



x\ m^zmm-tm^mmmmx^t. mh. &m 
»tw m-rtat. mm&zmmz mmmx 
fo~?fzm?) f gimmmmmzti&« ttz, ^mmm^ 
itmo m^-m±% ^mmxh ~> tz , mmm^mmfm 
imm. m*>. mmstzmts-zmff*^. t 
tz. mm^xu. mmmmxm^tixv^tz 
^memximztifzm^xtt, nmim^tt~ 
A^dib^tixfrmmitzfrtimfethzttf&m 
vk -u. ^M«Bt^-m. wmz&t&i><?>ffm- 
xh a tzib , mmxn^tztitzxmzim&m?) 
a. ®min^nm-xfctk\^nmx\ wsm.& 
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tll>E (F p ) cO^^jSP^^^TV^lBf, P 
= mG*}lfef^m^toS|^jffl, JiTF, ECDLP 
tUt". fflL. iGli, fSR«±«MST"G^mfgL 

i?IJx.H\ Menezes , A.J.I 1 "Elliptic Curve Public Ke 
y Cryptosystems " , Kluwer Academic Publishers (19 

93) hit. ■i^mzxmi tm-) =5rt*^ 

SB%^fflW^i(7)(i;, RSAHf-Sf, Rabin Bf^- S El 
Gamal Bf^-, f^RftHHf^ (fSHElGamal Hf-^) j6<#(f 
fetllitS^ixl,^'. RSAHf^. Rabin Bf-f-fi I FP 
^HL$, ElGamal V§mt. DLP^flLS. ffiPJftH 

Bt^ii:. mm±cvmnmmcv&cD%tmizmmGa 

mal Bf-^-T'\ ^LiltiE C D L PcOitLS C ^fL-fflS 
-3<h?)Xhh« 
[000 5] RSAHf-f fcowtti. Communication of 
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the ACM, vol.21, pp. 120-126(1978)^ Rivest, R.L. 
m^X-iX. "A Method for Obtaining Digital Signa 
tures and Public-Key Cryptosystems" tMLTlmS.? 

ttXH'O (liTK z<?y5G8&-m2bm-) . Rabin B| 

^Z^^Xii., MIT , Technical Report, MIT/LSC/TR-2 
12(1979) tRabin , H.O.tiot, "Digital Signatur 
es and Public-Key Functions as intractable as Fact 
orization " tmiXlfcRZtlX^& (OT, l^JM 
%3M3tfc-f) , 3£>£, ElGamal Bf-^tOV^Tti I 
EEE Trans. on Information Theory, IT -31 , 4, p 
P. 469-472 ( 1985) ElGamal T. izX^X. "A Publi 
c-Key Cryptosystem and a Signature Scheme Based on 
DiscreteLogarithms " kMLXtmR^tlXH 9 (lit 

Ts ^£ffi£:£tJ;4fc*t-) . f«RfillW;ouT 

(4, Miller, V. S. fcKoblitz , N. fci-^T. 19 
8 5^Z^l l Z^m^tLtzh(?)Xfohi)K Proc.of Cryp 
to' 85 , LCNCS 218 , Springer-Verlag , pp. 417-426(1 
985H;Miller, V. S. [Zi.nX "Use of EllipticCur 
C^Ej (M) = M e (mod n) 
M = Di (C) = C< (mod n) 

xjmt h o z. (om. ms&s o < m< n - 1 zmz-ftj: 4 

Dj (E 1 (M) ) = M 

[00 08] Rabin Bf^ffi 9 T*£ . 

P, q, n^y^MDtJXD. 0<b<n£ 

C = E 2 (M) =M (M+b ) 



ves in Cryptography" tMLTfMStl (ITF. Z\CO 
3ffi£3M5k%t) , Math.Comp. , 48, 177 , pp.203 
-209(1987) fc(4Koblitz , N. t,z£~oX "Elliptic Cur 
ve Cryptosystems" k jgLTfft&3*rO*l> (lilK i 
^SSK^SK 6 i:«rt) . 

[0006] UT, MtmMzZtihnffilrZiB-ftZL. 

q£jlV\ n, e, d£& 

n = p q, 

GCD(e, LCM ( p- 1 , q - 1 ) ) = 1 , 

e d= 1 (mod LCM (p- 1 , q- 1 ) ) 

<1.1X\ GCD (a, b) (2, Si*a, b«fefc;M) 

IA, LCM (a, b) (2, 8f£a, b^Mtfg&fcS 

[0007] ( n , e ) £$fflm ( d , p , q ) £«g 

mtLX. Hf^«I (Ej ) tfMWI (Di ) £ 



( 1 ) 
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3«§ti: LT, Bf^Wi <E 2 K W%>m 
(D 2 ) £ 

( mod n ) ( 4 ) 



M = D 2 (C) = (-b± v r (b 
•C^a-fSo Rabin Bf^ti, ft^B#«Sir*S^S?< 

t(4Ho0ft|^ItlT % X , ±C0 1 1 xwmtf-miz 

imh$tix^z, a znizmixii, m^immm^ 

W&M. Vol.J70-A , No. 11, pp. 1632-1636(1987) 

\z . g^t iot "SHa^ftf^ffliis k nm^ 

C = (Cj , C 2 ) = E 3 (M) 
C x = g r (mod p ) 
C 2 = y r M (mod p ) 
M = D 3 (C) = C 2 /C p s mod p 
T"g«fl>o rti, 0<r<p^|,f£EOSiA 

M = D 3 (E 3 (M) ) 
miLt&. mmBM^ (ffiH ElGamalBf^) Offijjg 
iiiJWil p2r«it 1fPfi«#cF p ±cD«Rffi 

IE (a, b) : y 2 = x 3 +ax + b (a, be 
F p , 4a3 + 2 7 b 2 *0K ffRffiiLL<7)F p 

ji*gt-\ ^^5aq^'+^# ^mmmmzm^ 

C = (C 1 , C 2 ) =E 4 (M) 
Ci =rGi 



+ 4C))/2 (mod p^Omod q ) (5) 

£*VO^. (IiTr\ ;^ifi^^ffi7t*t-|») 
ElGamal Bi^OMi^MOT'^l. . P 

it gJ, p££fcLfcTO*J£8i¥ (z/pZ)* co 
B|1*J, fig^'p-l^TufcU 0<x< 
p£5^&x£ffiSfcJK9, y^s 5 ' (mod p ) kH 



icrm, (y, J 
If^WI (E 3 



[0009] M^'O 



p) * 7 A v fflli. x£f 
) , (D 3 ) \ 

(6) 
(7) 
(8) 
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:u<pxhK\L 



(10) 

^»St)«i:tS t 0<x<q£&ffiiO^£JK 
0. E (a, b) ±tOjDST"P = xGtf l>o i^B#, 
( P , E ( a , b), G, P, q) *&fflm. x(iaf?g 
litLTBf^WM (E 4 ) . fl^M (D 4 ) £ 
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C 2 = rP+M 

M = D 4 (C) = (C 2 -xC[ 
xmbt. r(iO<r<q^il^f£E^Sa 

tu mmmm^tzu^m^hcoki-^, ttz. rp 
+m(4, x-mm&Mt%&!%pitim±.<7»!ib *r p t 

i-Zfrt'SMZttfrt,*^ {ZZXff^lL 51*1 
H£5g#>TM££, &mgw%l^£ft;Dirt& - k 

ZX. k(2&|»Sin<7)t*>y biS^H^t^ Rabin Bg 
^OftJTMi^ Bi^Mff(ik2 cO^-^-T\ fl^M 

[0011] ElGamal Bf^^|f»{±, Hf^«i. fl 
^IfiiUks ^^-^"-t«T"# h „ k 

(4. ^ffliiT"£>!>«scp^b'> b^a-rt^fc-rs. 

k3 ^^-^"-T"SiMT"# § £ i: 

[0012] *-y-?smth%:t>. i&ffnmm 
%mi.m^h^j:\^K mm$^ik, m&&x< 

co^m^'h^mmzmmmco i ommmmmv 
frfrz,zkfmt>hxx^h« mz, 3&mz^xi&< 
mm. (%m%) mmmmtxm 
^kzmkt&tztb, k'^mmmmmmixi^ 
i«n^rf. mh. mm&tixte. ^» 

Ik ( m^Jtfr t> . ^^m^wm^ib t>ti&mxor. 

tmz^mmmk. mmmizm*%wmki 
o ) , ( ^fic^sn ) £ 1 1 o z. k m 

fiffittt i. o ^mmmimco-nmizftiftM „ m 
iz.. mmmm^xh, mmMim^x&m mm 
^im^zm^tz^xm^im^m^tzm. 
^zxntzwmk^rmm^m^x . mwmx^m 
-f&im) tf^thrnnx-foh. 

[0 0 13] ZZX. zti^^m^z, ±m 

coimm^mmm^'s^mz^^x^K^ z t tz-t 

hk. RSAHf-f, Rabin ^ffii. 0%I FP^itLS 



(13) 

-C-SI) (14) 

mxfommp, q^'^i lcm( P -i, q - 
i ) mmm^s^^tL, ^^zmm^ 

tlXltd, C\C\X, LCM (p-l, q-l) £ s n 

mn*t>$i#>z 5ki-&c\kiz, n zmmwm-fh z. 
bbmmT$>&zk&Mmztix^&. mh. p, q# 

^^l^it, LCM(p-l, q-l)^*fel» 
XUlt>\ Rabin Bf^^^SII!-rS^(i. &HJ&n 

^mmwm-rmmzt^z t ^iras^-o^ . bp 

I) t" 5 ^(i*ff?$T"$> S fj\ Rabin Bf^^ 

iniii. i f p i t mmxhhz t ^Iiehjs^ 

Tl^ 0 (iiicOitiWf^t, IFPtflit'tSIt 
WJ§ixTV^|,) ^ORabin ^*SS(4, fc^S*^ 

mm i f p ) ^'HL^rS)^ a kmm-& 

zkizx->x, m^mm<?&£&immftm ^ t 
zi®!sbx^itzi>cDxfct> ±j&m$m& 
^m^&Tmx.\i. %:Mmmmix'££xfo i z. 
kt>\ i f pcomi^ %imuz±.x\ mmztLtzzk 
&EtttT^i> 0 mfttimizmL-at. rsahi^ Ra 

bin m^MZ, Bf^jtC*^, W-JCMCDMTlAt: ~y hi 

tifolc\kl±, ct^., m±m^hc\k mtim 

b^zk^mm^tLX^, ttz. z uzmmizmm, 

mim^tLXX^l, ZCOmmii. SIAM Journal of Comp 
uting ,17, 2, pp. 449-457(1988) HfcUT, Alexi , 
W. ^ti-oT. "RSA and Rabin Functions : Cert 
ain Patrs Are as Hard as the Whole" fc ULTIMO 

mz. ElGamal Hf^OS^tttOUTT"J)l>*\ ^ilti 

d l p com l § ts-? < nf^-cS) i> m\ D L P 

ixif, ^HHSt (y, g, p) ^gffiUxj&J^ftii, 

il. mm$KXl£5„ L^L. ElGamal Hf^SM^ 
D L P k R tgStlt U t" 5 fit t ^ 

l\ ftnttJaHf^tO^Tt. ECDLPtR 

tmmizmiv^k' o Mmmztix 

[0014] £Lt, ^HW^^SfflW^&PfKSBf^to 

n<mz£&tfflmft%&$imm^te. Rabin at^t^ 

-^ttMmt LT03&>i.5t,c7)(i, IFP, DL 

ptECDLPf5L^a^tiT^<, ztit>%m^>xm 
mmoo^fzmiv^mmm^x^ttft & z t ii- 

[00 15] 

[%0J«*t i 3 tt-|»HM] ±^J; 3 iz, mm 
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-IjfaW&mbbXtelFP, DLP^ECDLPfit 

mco^mmm$tLX\^mmi, Rabin smtt 
<?y$mt*nxfoh. 

[0016] znimmmz. -iifowmt ixi* 

I FP^^'fet, SfLM r^LFj Sffl^T, I 

t*r t x^±xh h^k tmmx% h'kmmFmws. 
w&th^xhh. 

[00 17] 

rjm<vmm*mmmrr&. p. ^-^m 

imM (Z/nZ) *±T'«^tll,^fc. n = P q 
fcL/ifc^ n^iSt L^flJ*ffiisZ/nZ±T«S 

mu. ^mmmzm?<'8§mm 

[0 0 18] «I#:F P ±^RftHT\ fil^'p^ 
i<7)£ anomalousftHfflllfcll?^; t(rfi> 0 <I<7) ano 

r= {xe (Z/p 2 Z) * | x = 

(z/ P 2 z)* Hfc(tsiffiiS#f&iajjS{2. Sftotd 

L (x) = (x-1 ) / P , xer 

iiOWS^fKi. *PI«ftF p \zkhk^£^:h, -rs 

L (ab) =L ( a ) +L ( b ) mod 

^-^-T"J)S;t*»t^l» 0 f£->T. rets 

L (y ) =L (x» ) =mL (x) 
i^l><7)T\ L (x) ^Omod P TS>ilf£ 

m = L ( y ) / L ( x ) mod p 
&stMK#ft& x, yj&^ m^* 

[00 2 1 ] ^ttiC£ffluixH\ £<3JtL^ r^L 

(Z/nZ) * - (Z/ P 2 Z) * 

-rx (z/pz ) ! 

it. ITfX&Hb^tLt : ge (Z/nZ) * T"g P =g 
p- 1 mod p 2 er#L(g p )^0mod p Srifjffi 
JR 1 ?. n, g, k^lH^fc-rS. Z\ZX. k(±. «a 

Q_gm+in m0( J n 
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£t}*Sdi:^\ Smart, N. P. HJ; -5 " The Discrete 
Logarithm Problem on Elliptic Curves of Trace one, 
preprint(Se P tember,1997)" fcfc^T (ITF. Z<DJM 
£$M9tffit) . itm^mz iot, "Fermat Quo 
tient and the Polynomial Time Discrete Logarithm f 
or Anomalous Elliptic Curves, preprint (September, 19 
97) " ttsvvt (lilT, ZVJMZJMl Ohm-) . 

%tl?tlM3UzniR-$tLX\ii&. Z<7) anomalousflPdfft 

mzmz>ffimmfflm*m< tjwjx&z . j,xrc 
ii s s A7/wy xj» t pf t t-fi> . 

[0019] i^0ii^T**§;flT^I> £ k 
k L-X. £>l,«c*)p-Sylo W gP^I¥Hfcitl>ilttMi* 

T\ P-Sylow gfrfrStefcL «i!f, WPPH^X^ 

(TXT) 4> mO s ± ^%h(T)$:H CDP-Sy 1 ow SP^ffif t 
^^SJTIi. i^SliS^ff^p-Sylow gff^gf 

[0020] pzmmmkix, p 2 zmtifcwmi 

(Z/p 2 Z) * HfcV^T. ^^P-Sylow 

r, ap^» s zco%&i±mip<v&ftmz%&tf* Mt 
imio^zmnh ■. 

1 (mod p) } (15) 
(16) 

k. zcommui. imcoa, bercMtt 

P (17) 

vmmmmm. wh. xer, m ^o<m< P ^t 
jstoivrfi, ^ (17) 



mod p 



(18) 



(19) 



■f, ^HAfJ#Sa (^HA#J*SH(i, MUZ. 

■ lJj*^, "^fft^" .pp. is. &mmm ( 1 9 

9 7 ) £#Hg 0 lilTs ^^ffi^^ffil 1 tftrf ) =fc 9 
< (Z/qZ) * (20) 
X (Z/qZ) * (21) 
P, q«t">y hStfc-rS. T5:m^0<m<2 k - 1 *>t 
KI>SI*iAtt-|»t. r^Z/nZ^tffEtKO. Bf 

(22) 



(7) 
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&<*nffl$kftmZ%tb&Zbfflii^ m(±0<m<2 
C p =Cp-! mod p 2 

^ mit-s crfcii. &nMi n mmwjfmth zxtt. 

BP^, I FPt^ttT"*)l>;t* i fiEBjT^I» 0 

[0022] zco%m<r) rmwffiizm~J<mm*m 

mod nx-^mmmio . n-^itjr#§^ 
t^D, n - mm^msixm^-xzwmmk 

E p : y 2 =x 3 +a p x + b 
(a p , b p £F. 
E q : y 2 = x 3 + a q x + b 
(a, , b q eF, 
a = a p mod p , b = b p mod p , a = a q mod q „ b 
= b q mod q^r^a. b(i, fflAS^Sai: Omod n 
E n : y 2 — x 3 +ax + b (a 
+ 27b 2 , n) = 

E n = CE P , E q ] , a = [a 

E n — (E p mod p, E 9 mod 

[0 0 24] 4-. E p (4 anomalousflfRffiiL E q (4 a 
nomalousT"^^flRailtt-S 0 ZCQbZ. ±^ r St 
Sffi:l-3'<M^gIj tl«I^Hn, E n , E n 

(Z/nZ) 0*G, k£&IH&i:LTi5<. flU G 
C= (m+ r n) GeE n (Z 
fM^(4, n^H^p^a^T^Si^li:, ^Bg^C 
<7)S*5$£mod p t LT\ E p (F p ) 0*0^1111 
sSfc^&f S £ t ^'ffi*l> ±3i£0 S S A7/k3" U 

LfztfnXmm&KU^tfftikh* £fz. c\cD&ffi 

HBf^jPf^-fS^kfi, &mmnt anomalousffRffl 
B± anomalousT''%^ff Rffii^ #HAfJ£5£S£ffl 
^Tf#^!>Z/nZ±^ffRfflHE n , &Gff5-z_t> 

hhztmmx'%h„ Bp-fe, :«n, e„ -eoft 

^SHibMBffig (&TCti, M I FPfcfg^ 

v ^m^mmt tzta. m i f p t mwxh 

[00 2 5] rffiP3ftitltS'?<&^Hf^ 

hitX. E n (Z/nZ) tfcttl»^lfE^fe^ 
»S^££^-|>«M^ E n (Z/nZ)t«I 



mzfoh^x\ mod p-m-m^so. t/i 

(23) 

tiMffi-fs. m*mm±. Sp 2 t-^p-ishi 

x'mth , m&msmm* 
[0023] mz^ z<»m<D tmmntzs^<m 
mmmi towels. mtMLt^it, 

-•0<7>miP, q 0 , n = P qtL, F p , F q ± 
^RftHEp , E q ^'mm^T"^-X^^Tl^t 



4a, s +27b q 2 ^0) , (25) 
X—MlZ^t Z/n Z±T£*£;h.fc 



, beZ/nZ, GCD (4a 3 

1 ) (26) 

iz^mxm^mm^m^x^^timmzhi^crM 

p , a q ] , b= Cb p , b q ] (27) 
q 3 (28) 

t±-Hh*;#& (^Ji«S't"-/M^'nfcRH:) fifMo 
t«i:LTt3#. k(4. Slip. q«t'7hatt-|) 0 
T5lm^0<m<2 k - 1 frt>M&Zbl,Z-r& 
t, rZZ/nZfrtilimzM*); m^ft*}frC&>& 

AZ) (29) 

situr £?? a , e n . ^mm^ t> % d , e n _ saitm 
^x^^Ktz^xmimmzimti. -n. u 

E„ (Z/nZ) ?)j££Ep (Fp)^jSt 
Sffit-|»mod p-jg7C^t, E p (F p ) t^(tl»iltt 

Ma^M^fti v ^-c^-r s . s s at;w y x&m*t> 

[0026] 

HBt^gj *K?ti<?m#iimwffii&m^ mz, 
zK?K<7)&mizmh-mw^z^xmmt& „ * 
■f{±, rst^ts-^x^wt^Mj tout, 
( i ) 

Gmmp. <i*&mzwv. n= P 2 qtts. fcfc* 

L. p. qt0f-yM4(i:^]tT"ktt-|> o GCD 
(p, q-1 ) =l&}l^LT^I.i:-rS. 
[0027] S4t, (Z/nZ) * <7)tp*^ s g 
p =gp-i mod p 2 ^' (Z/p 2 Z) * ^^T'^fiS:^' 
pfc&Sfc CAUSES. -TSi:. ±^MSLT"L 



(8) 
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(g p ) ^omod p^ffci-rs. mm. (Z/ P 2 Z) 

* <Dc£T"^)fii^' p t ^1) t 1 + k p mod p 2 ( k 
(±pT'flJtli^) b$&. LfctfoTL (1+kp) = 
( (1+kp) - 1 ) / P = k^Omod pb%&frt>-C 

VfMZg* (Z/nZ)» ^jl^fc, L ( gp ) * 
Omod pfc^|,1i*(±l- ( 1/p) ISSt#i^^l> 

TL(g p ) -imod p£fot>frtibW&LZt5<Z. biz 
C = g I » + rn mod n 

( 3 ) II 

Bf^CC^ft^ (30) <7)pj2£ s W?^p-ltf 
hb. mod nt"^|s|^(i, mod P 2 Ti>jfc£ 

Cp-1 =g( P -D (.*■«) =g D « 



[0028] iot, (n, g, k)£«i(p, 
q) £SMfct-|> 0 rit'L (g p ) -imod pI>%® 

( 2 ) Bf^WI 

(fflU 0<m<2^-i ) 1/ztiLX. it. SLI* 
r£ 0< r<nc7)|ell^A ) jly : \ m+rn^ffjrU Bf 

[0029] 

(30) 

U g P mod p 2 «ipt*D, rnti P ^»T 



rn mod p 2 = g p 11 mod p 2 



= C p " 1 mod p 2 



(31) 
(32) 



C p = gp m mod p 2 

Cp , gp ertfc^H, _BTC£«L*:Wi8:L£$ 

L (Cp ) =L (g p « ) =mL ( t 
m=L (C p ) /L ( gp ) mod p 

[oo3o]fct, fi^as»fit-i> b . it. m 

^C^LX. (32) t"C p ^ifJTU ifctL (C 
P ) fcfUTU ftf^L (C p ) b. ht>frltbmtl 
Xt5<Hb^iH^k?>h (gp ) -imod ptc7)mod P T"<7) 

mui->xm^&m« 
o) r^pt^x&iBiifft^gj *\ 
miztt Lx^xhh i b mm, 
[0031] rmmiz&j<&mm^$mi zmm 
thzbb. n itmrnwrntt z t tsmmxhh z b 
n * mmt"^ ^mmxmmmftm-f%> rivd 
vx&tftp&ttux. m^Mz rmmmzm^<&mm 

m$LT$&(vx\ z^xn. Rmm^umti ■. 

*T«^I> T)Vd 'J XA A#frT S £ hit . njfg 

ffl-r a c\bizi.^x, frZc^mmwm&mi nv^ 
vx&azbT&z. kit. nmcom^it^. mm 

mm. 4\ ( = p 2 q ) ^i^Tv^tt- 
i>t. 7>^Atge (z/nz)* &n/u\ c\om 
wykwm&mw?))^*-? b ix . nmx-z 



at 

' ) mod p 



(33) 
(34) 
(35) 



mmxbi^btf&mx. mz. x ^z/nzK5y 

xmod pLCM (p-1 , q-l)<7) 

ft^b. ^?Mm?ymm%^m.mz&»h. m^im 

im^m^^ifmzlUX < l . m+rn|:MtS> m + 
rn modpLCM (p-1, q-1) <7)#fij<7)llf4, * 
IWCJ> !> i t tfaEHJlT # l>o Z/ n 

Z^^^'A^x^Ht^ C=g* mod nT'ffJTSifl 

Ammi. c^j£-f-s^x 0 x 

t\ Mlt"^^U5|*T"x>2 k - 1 tLTJ;<, -TS 
t. x = x 0 (mod P ) . tfz. x 0 <2 K "! ly. x 
= x 0 (mod n) ^fciLb^t). L*t, CCD 
(x-x 0 , n) &ff-g-f&fc. i^fliip, pq, P 

s. ^frtLT, n<7)\i y hm^m^m^mmxm 
mammm ^shi^wi. - b t ^« 

[0032] mz. rmmtiz&3<mmmi 
tout, H^foffij^ ^SHmw«i 

#:F P ±^ anomalousflRftlSEi^Si^Ma^Mt 
(4. ^^F p -m*G, Ptf5-lt>tVfcbZ. P=m 
Gt^|>mGZ/pZ^3f<cs6|>ii;T"S)l>^\ S SAT 
/^3"iJXA(l iT-'tii^^. anomalousiftnftitLh 



(9) 
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nmkmfflmnw&zs-z- & rmv xat\ mm 

#:F p _b?) anomalousffiP3ftiHTS)fL(f, P^K'yM 
£kfcLT. ItJtiJik 3 ^-^'-T^I>Jjp«^7 



+27 b p 



: (G, P, E) 
ffi^: m 

¥JI 1 . E £ Z±fc#%±lf fcftPMiKE ' T\ E ( F 
p ) A^F P ^^ffU E ' £\ gBJ^fU;^^ 

^-^"-T"ft3rT'#l, 0 

^11112. ^IHIlT«L^ftA E ' ^TA E ' 
(G) , A E ' (P) £113: L (;^(±k3 

Ep : y 2 = x 3 +a p x + b p 

(a p , b p eF, , 4 a p 

E q : y 2 = x 3 + a q x + b q 
(a, , b q eF, 
flU #E p (F p ) = P , #E q (F q ) = q ' =q 

+ l-t (-2^q<t_<2v r q, t¥=l, q' *=p) 

mtzi-tti, mm y ^m mm) em&m>-t. 

X, anomalousffiHflita^4fi£tOV^T(i, Mx. 

H\ IEICE Trans. Fundamentals, E76-A,l,p P .50-54(199 
3) tfc^T. "Elliptic Curve Suitable for Cryptog 
raphy" tMLX . Miyaji, A. fcj: Offo&SfUO^ 

E n :y2=x3+ax+b(a,b e Z/nZ, GCD(4a 3 +27b 2 ,n)=l) 

t%b*>. txiz^muztm-xmrnz 

E n = [E Pj E q ] , a= [ a P: 

G= CG p , G q } 

bLXH< 0 

[0 0 3 3] S^t. SSA7;WJXASffl^T,& 

ftA Kp ' (G p ) -imod p£lfELT^< 0 ,1 ft CSS® 
t«-ot LX%z_X^\ OT. fgJWcto^ -TO 
^fI£Afc»<„ m^X. (n, E n , G, k) 

m. (p, q) zmmt-tt. z\zx, e p , E q , 

C= (m+ r n) GeE n (Z/nZ) 

ffiU ^RfiHE n _h«££fflvv<:, £G£ ( 3 ) IMWI 

T&S^fcfc&S, "f^t^ ^o<7)Z/nZ(7)7t;(7)$M 

T"S)i» 0 (hixmnn, c= (c x , c y ) , cx, 

CyeZ/nZ) 

C p = (m+rn) G p =iG, eE, (F p ) 
StIk anomalous flP4«tfettl»«Mi^Mt^« 
Stll> 0 C= [C p , C q ] tfcV^ 0 



TifJSSK m=A E ' (P)/A E ' (G)modp^ 

tf^i-rs (;ixit k3 

ivfftfcLTt. P<7)t*«y bS£kt-rtlH\ S SAT 
;l/3"UXAt0lti:i(ik 3 ^-^-TAI.. Z<0 

a e ' (± s e ( f p ) 3&^f p swffitix commute 

ifotzih* a i - <?)m$Lijm%£\ mi<a. 

0&#H§. i/-cp^'5lilTT*^lH'SSA7^3" 
U XA £fflui, ^ i £r < o 

( i ) mcotktfi 

P. q^b"-yMi(±Ff fCkfc-f!,, F p ±^ a 

nomalousflRftllEp , F q ±C0 anomalousT'^ff Fl 



*0) , 



(36) 



4 a q 3 +27b q 2 ^0), (37) 

(liiT. ^co^k^ki 2 tm-) Stfc. Ep 

(F p ) , E q (F q ) #*^j£G p , G q T\ IjW 
ord(G p ) = P , ord(G q ) = q' %|, t C^S^HR 

st-i., zzx\ E q (F q ) -mzimmmzi 
h t \m?>& ^\ i i xnmmrzfoc\ 3 mm lxh 

OtU ^cOA^^»i*£fiiAt^l»*£G q tJRot 
^fflAfiJ^Jga^ffi-oT. Z/nZ±cOflf 
R«E n ^f^l, : 

(38) 



] , 



(39) 



(40) 



G p , G q , A (G p )-imod P t^gffiHt fit 4> i 

( 2 ) Bt^^^a 

¥5lm (fflL. 0<m<2 k " 1 ) IZttLX, t^.. 
rSr0<r<ncOtETO 1 tjiy : \ m+rn^lfgL. Bf 

[0034] 

(41) 

Bf^CtOS«jt (4 1) t0M3a^, ^timmod P t 
■thb. rnJip^figSrCftoTrnG modp = 0i:^ 

(42) 

[003 5] i-jTSSArMWA^fflHTmiif 



A (Cp ) =A (niG p ) =mA ( G p ) mod p 



(10) 
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m=A (C p ) /A ( G p ) mod 

i o o 3 6 ] ^o-c. fiwi^sat-i. t . *-r, m 

mtClZttLX. C = C P mod P^ltJTU ifcfcA (C 

p ) £tnru m&zk (c p ) t. h^tmnt 

T£<;t^ffi*SA (G p ) -imod pt^mod pT<D 

mm^xm^mm. 

( 3 ) r^H«^a^<^wf^gj tj\ 
<&?MBmmwi mwtth^tt. mm(n, e 

[0037] n **mx% ^ymmxmmm^mtir 

th : - ^mmmzm^<mmis%%m.i zmmx 

# 3rV «T«t-|> T^n" y XA B^S^S £ £> (4". 

n ^HHi^st-s^e^^iM^rESr^d'y xa 

fi&i}*& " ( £ C\ X\ _ti&7) " n 
S. 3tKl 1^#M) 

sas. 4-. ^ESSn ( = Pq ) m-tt>tix^&t-r& 

t. z^Z/nZH^^AtEJ;!:^ zmod LC 
M ( P - 1 , q - 1 ) t . S^&Mf^X 

T^tfctts, mmmmmcom^m mzmx < s . 

m+rnCMtli, m+rn modpq' (T)jf^mi. 

mux^mmxh^itmrnx^^, 6M. z/ 

nZA>^7^(Iz^, C = zGeE n (Z/n 
Z) TH-IISftfcCli, *IIt"#^^W*T«^/'i 

t. 7^:/yxAB(4isitL. cttt§f^z 0 

M5. 3\ z<2 k "! ^StSH^Itt^Sfii* 
(4*11^ S^T", lfitl^«tz>2 1 - 1 tt 
XX<. -fit. z = z 0 (mod p) . ttz, z 0 <2 
iO. z^z 0 (mod n) *Cpfi£ifc^l?. Lfc# 
oT, GCD (z-z 0 , n) ^ffii^St. £<9ffi(4 
pt&y. n£SHi^WS-t^ffi*S^ ^#ct L 

[ 0 0 3 8 ] &(:. ^^0JcO r^StiSftS&BBit 

Bt^saj . *mvimmzm^<mmmwm.i 

HI 1 l,Z^t i a £ . Bf-^M 10 0t fl-^-gg 200*5 

ilfi@ll3 ooizi. vmmztix^l. stf^ISiio 

0(4. 1 1 0 fc&nT'^lgff jr#§ 1 2 0 £ 



P (44) 

m^§^2 o 0(4. r-^&&2 i o tiwti* 

llffii52 2 0^*t-|» o 

[0039] £-f , mmtMW 1 0 OT'^Bt-f'^MJlt 

^xmrntz . »Sr^^« i o o izm&m&sm 

1 1 Otf)f$ffl£0tSr$\ m&ftMl 1 0(4. «t^t 

i o o coffjffl^*^^ ( m ) ^gttfc § t . mk 

1 lt4SL&reZ/nZH!&£3-tf\ ^£St 
Jttm2^A*LT. rn^ltJIX. ^IMSl 

1 3CA^LTm+r nSffSL, £ tf)*gS£ n - rftSi 
If Ef§ 12 0 1/ZXtS LT . Hf^C = g" + ^mod n££ 

j£-rs. 

[0040] mz, o ox^u^mmz^ 
xmrnti o m^gg 2 0 0 tts it s r -^m^ 2 1 0 
mmm2 Bt^r. ^st. 11^1*11^2 20^ 
flffl£B4 1^- 0 fI^M2 0 0 tfcftl, r -ss^ 

2 1 0(4. fflfl0H3 0 0K, Hf^ (C ) ^gftt 
St, mod P 2 -ji7Els2 1 lT-Cmod P 2 fcff-gU 
i«il&r-^g|2 1 2tA*LT. C p =C»-i mo 
d P^ ^If^L. C p ^M^MS»^il2 2 0tA^ 

s„ mmmmm>2 2 oti, r-^mgP2 1 oa^c 

p SStttSt. Maifm«22 1 tA^L. 

l (c p ) zm.-t&. mz. ztiz. mM2 2 2\z 

A^LL (Cp ) XL (g p ) -imod p£ffirtl>o Z 

?)\m. mmmm&m2 2 o&m^mtixttiti 

[004 1 ] mi. rfgR«^a^'<^M»f^g 

■j ^-mm&nz-jv^xmm-ti , 03 ^^^0^- 
mmz^-to ut^M4 0 otwmu5 0 o^ait 
@*i6 0 0 izx mmztixv^ 0 m^mw4 0 0 
ii. M^^i54 1 0 1 E n -^itmn4 2 0 sir 

-t. fI^M5 0 0(i:, mod P -S7t:ls5 1 Ot SSA 
[0042] iT. H|-t^a4 0 OT^Hf-f-fLMat 

o^tuiti.. Bt^gM4 o otfc(ti>mm*^ 

4 1 0«!¥IB£H4At^\ Mi«S54 1 0(4. Bf 
^■^■4 0 0 crjffjffl^*^^ ( m ) ^ g(tt !> t . 
SLS^S4 1 UiSlSreZ/nZ^SC Z\tl 
*m&4 12lZAJjlX. rn^ltmt. itl^jDE 
lf4 13(:A*Um+rn^!fIL, ;^$SH^E n 
-^SI|fS:^4 2 0(;A^LT. Hf^C= (m+r 
n) GS^-tS. 

[0043] iJct. fI^M5 0 OT'WflWItoU 

t!S 0 j^i> o m^SM 5 o otfcfts ssa r^3" u x 

AgH 5 2 0 commit H4 B t^-f „ fl^E 5 0 0tfc 
ItS nod P-JS7CH5 1 0(4. 31(10*16 0 0*^. Bf 
^ (C) £StttSt. Cp =Cmod P £E 
P (F p ) £U-gU Cp ^SSAT^3"yXAg|I5 2 
OtA^J-fS. SSAT;l-3"yXAg|55 2 0(4. mod P 
-S7CH5 1 0*^C P ^gfttSt. at WSIt 



(11) 
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jrii5 2ifcA^u a ( c p ) fcn-sr-rs. mz, z 

tl*. Sg^5 2 2HA*LA (C p ) XA (G p ) -i 
mod p£ff-g-f!>o i^fE£, SSAT;l-3"UX^g|55 
2 0 f±fI^F£m t LXftjl*t& . 
[0044] 

1 0 2 4 b*-y l-»t"S>tU£. n SSHjR^iMB-rS 

- k nmmm^immxh &&t>. n^io24t*-yb 
[0045] mmmw, mnmm$mm±^z., k 
^mimmt&^x h ^mmxh o . ^fcHHiws: 



inn; r mzmzm-j < mmwmw j 
[H2] A[ait«M«ai i ommmmm 

f&M£tft7v»/?M. Bimi*?)r-^M32 l 0 

B#cWg^ftJtM^^7'n > y m C (iH 1 
iM»8^ 2 2 0 «ft#;am«M^t-7''n -y ? 

[H3] zffima) rmm&izm^vmm&m 

[04] A{j;H3*0»t^4 1 Oc^tt&ttSffiJf 
J^M^t" 7"n >y ? Btt@3^SSA 7/1/3" U X 
5 2 0 CO ll#c«itt£|g)j»^f-7 n -y ? 0T£> 



[01] 



jilt HI*! 300 



1 1—110 



I 



Y 2 

^9 p - 



1 U-?20 



200 





m 




Z__EZLii2 


* t * p — 




| 1 * M 13 




l *t»it3*p - P 

' * LfCp) ' 222 

| | I ^ [ * — —J L ( g p )" 1 mod p 

| m = L(Cp)xL(gpr\nod p 



(12) 
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[03] 



[04] 



— YL 



IC p = Cmodp 



SSA7/La"iJX"A5&h 



520 \ 



- p, E p , A(Gpf modp 



500 



,-410 




|*1«C ■•»!§• f * 1— P.Ep.A 

| * It » F 1— P,A(G P r 1 mad P 



= A(Cp)x A(Gp) 1 modp 



[#M«E«] 

[HffiH] «1 1^2fll6H 

immrnmsg,] mm 

[*Kj}£] sos 
[ffliE^] 

[iMiM6] « n , g%m^&m^imm.<om- 

X. 

mum r t mmm n ^stg-r s^gi: , 
jja^MH n m t ix , ±,$zmm s tzn i±mm 

[^MIiiE2] 

immm®&] mm 
mmmmm mm i o 



[WlEf*]^] 

[who] x^$tLtz^kmmm^b^x 

0 £1>® 1 &IWt£&i: LTfJ^SSit Oft 
[«fiE3] 
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